From 3d50e7386178cd0392d2e1c9ba7b9e933b4c27e3 Mon Sep 17 00:00:00 2001
From: tv
Date: Thu, 21 Aug 2014 13:28:19 +0200
Subject: initial commit
---
cd-system/cd-exim.conf | 133 ++++++++++++++++++++++++++++++++++++++++++++
cd-system/cd-iptables.rules | 5 ++
cd-system/host_redirect | 1 +
cd-system/internet_aliases | 2 +
4 files changed, 141 insertions(+)
create mode 100644 cd-system/cd-exim.conf
create mode 100644 cd-system/cd-iptables.rules
create mode 100644 cd-system/host_redirect
create mode 100644 cd-system/internet_aliases
(limited to 'cd-system')
diff --git a/cd-system/cd-exim.conf b/cd-system/cd-exim.conf
new file mode 100644
index 0000000..c2f4835
--- /dev/null
+++ b/cd-system/cd-exim.conf
@@ -0,0 +1,133 @@
+RETIOLUM_HOSTNAME = cd.retiolum
+
+primary_hostname = RETIOLUM_HOSTNAME
+
+HOST_REDIR = /etc/exim4/host_redirect
+INTERNET_ALIASES = /etc/exim4/internet_aliases
+
+
+# Domains not listed in local_domains need to be deliverable remotely.
+# XXX We abuse local_domains to mean "domains, we're the gateway for".
+domainlist local_domains = @ : localhost
+domainlist relay_to_domains =
+hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; 10.243.13.37
+
+acl_smtp_rcpt = acl_check_rcpt
+acl_smtp_data = acl_check_data
+
+never_users = root
+
+host_lookup = *
+
+rfc1413_hosts = *
+rfc1413_query_timeout = 5s
+
+
+log_selector = -queue_run +address_rewrite +all_parents +queue_time
+log_file_path = syslog
+syslog_timestamp = false
+syslog_duplication = false
+
+begin acl
+
+acl_check_rcpt:
+ accept hosts = :
+ control = dkim_disable_verify
+
+ deny message = Restricted characters in address
+ domains = +local_domains
+ local_parts = ^[.] : ^.*[@%!/|]
+
+ deny message = Restricted characters in address
+ domains = !+local_domains
+ local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
+
+ accept local_parts = postmaster
+ domains = +local_domains
+
+
+ accept hosts = +relay_from_hosts
+ control = submission
+ # debian: control = submission/sender_retain
+ # arch & debian:
+ control = dkim_disable_verify
+
+ accept authenticated = *
+ control = submission
+ control = dkim_disable_verify
+
+ accept message = relay not permitted 2
+ recipients = lsearch;INTERNET_ALIASES
+
+ require message = relay not permitted
+ domains = +local_domains : +relay_to_domains
+
+ require
+ message = unknown user
+ verify = recipient/callout
+
+ accept
+
+
+acl_check_data:
+ accept
+
+
+begin routers
+
+retiolum:
+ debug_print = "R: retiolum for $local_part@$domain"
+ driver = manualroute
+ domains = ! RETIOLUM_HOSTNAME : *.retiolum
+ transport = retiolum_smtp
+ route_list = ^.* $0 byname
+ no_more
+
+internet_aliases:
+ debug_print = "R: internet_aliases for $local_part@$domain"
+ driver = redirect
+ data = ${lookup{$local_part@$domain}lsearch{INTERNET_ALIASES}}
+
+dnslookup:
+ debug_print = "R: dnslookup for $local_part@$domain"
+ driver = dnslookup
+ domains = ! +local_domains
+ transport = remote_smtp
+ ignore_target_hosts = <; 0.0.0.0 ;: 127.0.0.0/8 ; ::1
+ no_more
+
+
+begin transports
+
+retiolum_smtp:
+ driver = smtp
+ retry_include_ip_address = false
+
+remote_smtp:
+ driver = smtp
+
+
+home_maildir:
+ driver = appendfile
+
+ #file = /var/mail/$local_part
+ maildir_format
+ maildir_use_size_file
+ directory = $home/Maildir
+ directory_mode = 0700
+
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+
+
+
+begin retry
+
+*.retiolum * F,42d,1m
+* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+
+begin rewrite
+
+begin authenticators
diff --git a/cd-system/cd-iptables.rules b/cd-system/cd-iptables.rules
new file mode 100644
index 0000000..c9af7d5
--- /dev/null
+++ b/cd-system/cd-iptables.rules
@@ -0,0 +1,5 @@
+...
+
+-A INPUT -p tcp -m conntrack --ctstate NEW --syn --dport smtp -j ACCEPT
+
+...
diff --git a/cd-system/host_redirect b/cd-system/host_redirect
new file mode 100644
index 0000000..5cdf180
--- /dev/null
+++ b/cd-system/host_redirect
@@ -0,0 +1 @@
+oneofmypublicdomains.com: oneofmyretiolumhosts.retiolum
diff --git a/cd-system/internet_aliases b/cd-system/internet_aliases
new file mode 100644
index 0000000..f07559c
--- /dev/null
+++ b/cd-system/internet_aliases
@@ -0,0 +1,2 @@
+me@mypublicdomain.com: me@myretiolumdomain.retiolum
+me@myotherretiolumdomain.retiolum: me@myevenotherretiolumdomain.retiolum
-- cgit v1.2.3
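Review bot: `acl_check_rcpt` accepts `postmaster` at `+local_domains`, but no router under `begin routers` can deliver it: `retiolum` excludes RETIOLUM_HOSTNAME, `dnslookup` excludes `+local_domains`, and `internet_aliases` only matches keys present in the alias file, so the `home_maildir` transport is never referenced. As written that mail is accepted at RCPT time and then fails routing, and `verify = recipient/callout` will reject every other local recipient for the same reason. If local delivery is intended, a router after `internet_aliases` that hands `+local_domains` to `home_maildir` is needed, as sketched below; otherwise the postmaster accept and the unused transport should go. Separately, `message = relay not permitted 2` sits on an `accept` statement, which looks like a leftover from a `deny`.

```exim
# … unchanged: retiolum and internet_aliases routers …

local_user:
  debug_print = "R: local_user for $local_part@$domain"
  driver = accept
  domains = +local_domains
  check_local_user
  transport = home_maildir

# … unchanged: dnslookup router …
```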
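Review bot: This rule admits new SMTP connections from any source on any interface, while `cd-exim.conf` grants relay and `control = submission` to `10.243.13.37` purely by source address. That trust only holds if packets claiming that address cannot arrive from outside the VPN, which this excerpt does not show. A comment above the rule, for example `# exim relay trust is address-based: keep reverse-path filtering on, or drop 10.243.13.37 on non-VPN interfaces before this rule`, would record the dependency. The literal `...` lines would also benefit from a comment marking the file as an excerpt to merge into an existing ruleset rather than something to load as is.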
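Review bot: Nothing in the visible `cd-exim.conf` reads this file: the macro `HOST_REDIR` is defined there, but no router or ACL references it, so the mapping on this line has no effect. Either remove the macro and the file, or add the router that consumes it and document the intent next to the macro, for example `# HOST_REDIR: public domain -> retiolum host, used by <router name>`.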
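Review bot: The second entry, keyed on `me@myotherretiolumdomain.retiolum`, is unlikely ever to be rewritten, because the `retiolum` router in `cd-exim.conf` runs before `internet_aliases` and takes every `*.retiolum` domain except the gateway's own name. The ACL line `recipients = lsearch;INTERNET_ALIASES` still accepts that address from any SMTP client, so the message would be relayed unchanged to the host named in the key. Keeping only public-domain keys here, and saying so in a header comment such as `# keys: public addresses only; every key is accepted from any SMTP client`, would make the exposure explicit.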